# WARNING: Use this configuration for testing only!

[server]
# What port to listen on and where request are supposed to come from
listen_on = "127.0.0.1:3000"

# What header your reverse proxy sets that contains the real ip-address
# Possible Values: Every Variation of SecureClientIpSource in the axum_client_ip package
# https://docs.rs/axum-client-ip/latest/axum_client_ip/enum.SecureClientIpSource.html
#ip_header = "RightmostXForwardedFor"
# When you don't want to use a proxy server:
ip_header = "ConnectInfo"

# Allow querying of private range ips
# enable if you want to use this service
# on your internal network for some reason
allow_private_ip_lookup = true

[dns]
# Enable the /dig enpoint
allow_forward_lookup = true

# Enable reverse lookup, make sure to configure the hidden_suffixes
# to contain your locally used domains, to prevent onformation leakage
allow_reverse_lookup = true

# echoip-sltecave will pretend that domains
# that end with one of these suffixes don't exist
hidden_suffixes = [".com"]

[geoip]
# Path to geoip databses
# Currently only the mmdb format is supported
# Official databases can be obtained from maxmind.com
asn_database = "mmdb/GeoLite2-ASN.mmdb"
location_database = "mmdb/GeoLite2-City.mmdb"

# If anyone knows a free (as in freedom) geoip database
# please open an issue so I can integrate it
# https://codeberg.org/slatian/service.echoip-slatecave

[template]
# Path to the template directory, can contain glob patterns 
template_location = "templates"

# Prefixes of user agents that should get a text reponse by default
text_user_agents = ["curl/"]

[ratelimit]
# Configure a Quota for the Rate limiter

# Please note that this depends on the ip_header being
# configured correctly!

# How many requests per minute are allowed
# (How fast the leaky bucket drains)
per_minute = 20
# How many requests may come in at once
# (How much capacity the leaky bucket has)
burst = 15

#Note: The ratelimit is implemented using the governor crate

[dns.resolver.digitalcourage]
display_name = "Digitalcourage"
info_url = "https://digitalcourage.de/support/zensurfreier-dns-server"
aliases = ["dc","dc3","digitalcourage3"]
weight = 990

servers = ["5.9.164.112:853","[2a01:4f8:251:554::2]:853"]
protocol = "tls"
tls_dns_name = "dns3.digitalcourage.de"

[dns.resolver.quad9]
display_name = "Quad9"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9","9999"]
weight = 980

servers = ["9.9.9.9:853", "149.112.112.112:853", "[2620:fe::fe]:853", "[2620:fe::9]:853"]
protocol = "tls"
tls_dns_name = "dns.quad9.net"

[dns.resolver.quad9_ecs]
display_name = "Quad9 with ecs"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9ecs","9999ecs","ecs"]
weight = 970

servers = ["9.9.9.11:853", "149.112.112.11:853", "[2620:fe::fe:11]:853", "[2620:fe::11]:853"]
protocol = "tls"
tls_dns_name = "dns11.quad9.net"

[dns.resolver.quad9_unvalidated]
display_name = "Quad9 unvalidated"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9u","9999u"]
weight = 960

servers = ["9.9.9.10:853", "149.112.112.10:853", "[2620:fe::fe:10]:853", "[2620:fe::10]:853"]
protocol = "tls"
tls_dns_name = "dns10.quad9.net"

[dns.resolver.cloudflare]
display_name = "Cloudflare"
info_url = "https://www.cloudflare.com/dns/"
aliases = ["cf","1111"]
weight = 450

servers = ["1.1.1.1:853", "1.0.0.1:853", "[2606:4700:4700::1111]:853", "[2606:4700:4700::1001]:853"]
protocol = "tls"
tls_dns_name = "cloudflare-dns.com"

[dns.resolver.google]
display_name = "Google"
info_url = "https://developers.google.com/speed/public-dns/docs/using"
aliases = ["goo","8888"]
weight = 440

servers = ["8.8.8.8:53", "8.4.4.8:53", "[2001:4860:4860::8888]:53", "[2001:4860:4860::8844]:53"]
protocol = "udp"